RE: SecureIIS

From: David Ellis (
Date: 08/28/02

From: David Ellis <>
Date: Wed, 28 Aug 2002 16:01:43 -0400

Huh, I have never heard any system/security engineer say any sort of thing
like that. It is defense in depth, Yes you harden the server, keep up with
security patches, read, etc,etc, etc. But what about the new bufferoverflow
which will come out next week in IIS that there is no patch against yet and
the url consists of a certain length, Secure IIS will stop the connection.
But with an attitude like that you will sure to be vandalized sooner or
later. You are only human and dont know everything there is to know about
every vulnerability. There is way to much information to know.

Secure IIS is a great product, It has logged and stopped alot of attempts on
my server even though I know my server is hardened a little to much. But I
would say use shadow web firewall from safety labs. It is the exact same
product - no lie, as secureIIS but 330.00 cheaper. it is only 70.00. and the
same goes with their product shadow security scanner and compare it to
eeye's retina. SSS only costs 99.00 and it is the same exact product all the
way up to the reporting features.

Hope this helps.

Systems/Security Engineer

-----Original Message-----
From: DSardina []
Sent: Tuesday, August 27, 2002 7:28 PM
Subject: RE: SecureIIS


SecureIIS is a great product but I/we dont use it.
I feel like its a cop-out of being an admin.

I like to defend on my own knowledge, rather than a program doing it for me.
But yes, if your not into mailing lists/reading alot/staying up with
vurnerabilities, then yea,
its good to use. Just my 2cents.


-----Original Message-----
From: []
Sent: Tuesday, August 27, 2002 12:59 PM
Subject: SecureIIS


I am looking for a recent review of Eeye's SecureIIS. I need information
about the security of the product as well as stability. Success stories
would be cool as well. Basically I'm trying to find out if the product is
trust worthy and if I can sleep at night while it's running. I have no
choice but to deploy an IIS server in this case.



Get your free encrypted email at
The contents of this email and any attachments are confidential.
It is intended for the named recipient(s) only.
If you have received this email in error please notify the system manager or the
sender immediately and do not disclose the contents to any one or make copies.

** eSafe-porthmouth scanned this email for viruses, vandals and malicious content **